diff options
| -rw-r--r-- | firmware/include/vboot_nvstorage.h | 5 | ||||
| -rw-r--r-- | firmware/lib/vboot_api_init.c | 1 | ||||
| -rw-r--r-- | firmware/lib/vboot_display.c | 6 | ||||
| -rw-r--r-- | firmware/lib/vboot_nvstorage.c | 15 | ||||
| -rw-r--r-- | firmware/lib/vboot_nvstorage_rollback.c | 1 | ||||
| -rw-r--r-- | host/lib/crossystem.c | 4 | ||||
| -rw-r--r-- | tests/vboot_api_init_tests.c | 12 | ||||
| -rw-r--r-- | tests/vboot_nvstorage_test.c | 1 |
8 files changed, 45 insertions, 0 deletions
diff --git a/firmware/include/vboot_nvstorage.h b/firmware/include/vboot_nvstorage.h index 65cd2e5b..7f017350 100644 --- a/firmware/include/vboot_nvstorage.h +++ b/firmware/include/vboot_nvstorage.h @@ -72,6 +72,11 @@ typedef enum VbNvParam { /* Only boot Google-signed images in developer mode. 0=no, 1=yes. */ VBNV_DEV_BOOT_SIGNED_ONLY, /* + * Allow full fastboot capability in firmware in developer mode. + * 0=no, 1=yes. + */ + VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, + /* * Set by userspace to request that RO firmware disable dev-mode on the * next boot. This is likely only possible if the dev-switch is * virtual. diff --git a/firmware/lib/vboot_api_init.c b/firmware/lib/vboot_api_init.c index ce89715a..4371042d 100644 --- a/firmware/lib/vboot_api_init.c +++ b/firmware/lib/vboot_api_init.c @@ -320,6 +320,7 @@ VbError_t VbInit(VbCommonParams *cparams, VbInitParams *iparams) VbNvSet(&vnc, VBNV_DEV_BOOT_USB, 0); VbNvSet(&vnc, VBNV_DEV_BOOT_LEGACY, 0); VbNvSet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, 0); + VbNvSet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, 0); /* * Back up any changes now, so these values can't be forgotten * by draining the battery. We really only care about these diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c index 26fa8bd4..311a1c9a 100644 --- a/firmware/lib/vboot_display.c +++ b/firmware/lib/vboot_display.c @@ -564,6 +564,12 @@ VbError_t VbDisplayDebugInfo(VbCommonParams *cparams, VbNvContext *vncptr) DEBUG_INFO_SIZE - used); used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used, i, 10, 0); + /* Add dev_boot_fastboot_full_cap flag */ + VbNvGet(vncptr, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, &i); + used += StrnAppend(buf + used, "\ndev_boot_fastboot_full_cap: ", + DEBUG_INFO_SIZE - used); + used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used, i, 10, 0); + /* Add TPM versions */ used += StrnAppend(buf + used, "\nTPM: fwver=0x", DEBUG_INFO_SIZE - used); used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used, diff --git a/firmware/lib/vboot_nvstorage.c b/firmware/lib/vboot_nvstorage.c index af24fac1..ebf796e6 100644 --- a/firmware/lib/vboot_nvstorage.c +++ b/firmware/lib/vboot_nvstorage.c @@ -41,6 +41,7 @@ #define DEV_BOOT_USB_MASK 0x01 #define DEV_BOOT_SIGNED_ONLY_MASK 0x02 #define DEV_BOOT_LEGACY_MASK 0x04 +#define DEV_BOOT_FASTBOOT_FULL_CAP_MASK 0x08 #define TPM_FLAGS_OFFSET 5 #define TPM_CLEAR_OWNER_REQUEST 0x01 @@ -150,6 +151,11 @@ int VbNvGet(VbNvContext *context, VbNvParam param, uint32_t *dest) 1 : 0); return 0; + case VBNV_DEV_BOOT_FASTBOOT_FULL_CAP: + *dest = (raw[DEV_FLAGS_OFFSET] & DEV_BOOT_FASTBOOT_FULL_CAP_MASK + ? 1 : 0); + return 0; + case VBNV_DISABLE_DEV_REQUEST: *dest = (raw[BOOT_OFFSET] & BOOT_DISABLE_DEV_REQUEST ? 1 : 0); return 0; @@ -292,6 +298,15 @@ int VbNvSet(VbNvContext *context, VbNvParam param, uint32_t value) raw[DEV_FLAGS_OFFSET] &= ~DEV_BOOT_SIGNED_ONLY_MASK; break; + case VBNV_DEV_BOOT_FASTBOOT_FULL_CAP: + if (value) + raw[DEV_FLAGS_OFFSET] |= + DEV_BOOT_FASTBOOT_FULL_CAP_MASK; + else + raw[DEV_FLAGS_OFFSET] &= + ~DEV_BOOT_FASTBOOT_FULL_CAP_MASK; + break; + case VBNV_DISABLE_DEV_REQUEST: if (value) raw[BOOT_OFFSET] |= BOOT_DISABLE_DEV_REQUEST; diff --git a/firmware/lib/vboot_nvstorage_rollback.c b/firmware/lib/vboot_nvstorage_rollback.c index 8e67812d..85c245a7 100644 --- a/firmware/lib/vboot_nvstorage_rollback.c +++ b/firmware/lib/vboot_nvstorage_rollback.c @@ -20,6 +20,7 @@ static const VbNvParam backup_params[] = { VBNV_DEV_BOOT_USB, VBNV_DEV_BOOT_LEGACY, VBNV_DEV_BOOT_SIGNED_ONLY, + VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, }; /* We can't back things up if there isn't enough storage. */ diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c index af0acc40..cb6b9602 100644 --- a/host/lib/crossystem.c +++ b/host/lib/crossystem.c @@ -499,6 +499,8 @@ int VbGetSystemPropertyInt(const char* name) { value = VbGetNvStorage(VBNV_DEV_BOOT_LEGACY); } else if (!strcasecmp(name,"dev_boot_signed_only")) { value = VbGetNvStorage(VBNV_DEV_BOOT_SIGNED_ONLY); + } else if (!strcasecmp(name,"dev_boot_fastboot_full_cap")) { + value = VbGetNvStorage(VBNV_DEV_BOOT_FASTBOOT_FULL_CAP); } else if (!strcasecmp(name,"oprom_needed")) { value = VbGetNvStorage(VBNV_OPROM_NEEDED); } else if (!strcasecmp(name,"recovery_subcode")) { @@ -653,6 +655,8 @@ int VbSetSystemPropertyInt(const char* name, int value) { return VbSetNvStorage_WithBackup(VBNV_DEV_BOOT_LEGACY, value); } else if (!strcasecmp(name,"dev_boot_signed_only")) { return VbSetNvStorage_WithBackup(VBNV_DEV_BOOT_SIGNED_ONLY, value); + } else if (!strcasecmp(name,"dev_boot_fastboot_full_cap")) { + return VbSetNvStorage_WithBackup(VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, value); } return -1; diff --git a/tests/vboot_api_init_tests.c b/tests/vboot_api_init_tests.c index 331ba72d..a74c541d 100644 --- a/tests/vboot_api_init_tests.c +++ b/tests/vboot_api_init_tests.c @@ -555,6 +555,7 @@ static void VbInitTestBackup(void) VbNvSet(&vnc, VBNV_DEV_BOOT_USB, 1); VbNvSet(&vnc, VBNV_DEV_BOOT_LEGACY, 1); VbNvSet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, 1); + VbNvSet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, 1); /* and some that don't */ VbNvSet(&vnc, VBNV_OPROM_NEEDED, 1); VbNvSet(&vnc, VBNV_TRY_B_COUNT, 3); @@ -582,6 +583,8 @@ static void VbInitTestBackup(void) TEST_EQ(u, 0, " NV dev_boot_legacy"); VbNvGet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &u); TEST_EQ(u, 0, " NV dev_boot_signed_only"); + VbNvGet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, &u); + TEST_EQ(u, 0, " NV dev_boot_fastboot_full_cap"); /* So we should have written the backup */ TEST_EQ(backup_write_called, 1, " Backup written once"); /* And the backup should reflect the persisent flags. */ @@ -597,6 +600,8 @@ static void VbInitTestBackup(void) TEST_EQ(u, 0, " BU dev_boot_legacy"); VbNvGet(&tmp_vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &u); TEST_EQ(u, 0, " BU dev_boot_signed_only"); + VbNvGet(&tmp_vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, &u); + TEST_EQ(u, 0, " BU dev_boot_fastboot_full_cap"); /* but not the others */ VbNvGet(&tmp_vnc, VBNV_OPROM_NEEDED, &u); TEST_EQ(u, 0, " BU oprom_needed"); @@ -636,6 +641,7 @@ static void VbInitTestBackup(void) VbNvSet(&vnc, VBNV_DEV_BOOT_USB, 1); VbNvSet(&vnc, VBNV_DEV_BOOT_LEGACY, 1); VbNvSet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, 1); + VbNvSet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, 1); /* and some that don't */ VbNvSet(&vnc, VBNV_OPROM_NEEDED, 1); VbNvSet(&vnc, VBNV_TRY_B_COUNT, 4); @@ -683,6 +689,8 @@ static void VbInitTestBackup(void) TEST_EQ(u, 1, " BU dev_boot_legacy"); VbNvGet(&tmp_vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &u); TEST_EQ(u, 1, " BU dev_boot_signed_only"); + VbNvGet(&tmp_vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, &u); + TEST_EQ(u, 1, " BU dev_boot_fastboot_full_cap"); /* but not the others */ VbNvGet(&tmp_vnc, VBNV_OPROM_NEEDED, &u); TEST_EQ(u, 0, " BU oprom_needed"); @@ -720,6 +728,8 @@ static void VbInitTestBackup(void) TEST_EQ(u, 1, " BU dev_boot_legacy"); VbNvGet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &u); TEST_EQ(u, 1, " BU dev_boot_signed_only"); + VbNvGet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, &u); + TEST_EQ(u, 1, " BU dev_boot_fastboot_full_cap"); /* * But if we lose the NV storage and go back to normal mode at the same @@ -754,6 +764,8 @@ static void VbInitTestBackup(void) TEST_EQ(u, 0, " BU dev_boot_legacy"); VbNvGet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &u); TEST_EQ(u, 0, " BU dev_boot_signed_only"); + VbNvGet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, &u); + TEST_EQ(u, 0, " BU dev_boot_fastboot_full_cap"); } diff --git a/tests/vboot_nvstorage_test.c b/tests/vboot_nvstorage_test.c index ec857382..9548a806 100644 --- a/tests/vboot_nvstorage_test.c +++ b/tests/vboot_nvstorage_test.c @@ -33,6 +33,7 @@ static VbNvField nvfields[] = { {VBNV_DEV_BOOT_USB, 0, 1, 0, "dev boot usb"}, {VBNV_DEV_BOOT_LEGACY, 0, 1, 0, "dev boot legacy"}, {VBNV_DEV_BOOT_SIGNED_ONLY, 0, 1, 0, "dev boot custom"}, + {VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, 0, 1, 0, "dev boot fastboot full cap"}, {VBNV_DISABLE_DEV_REQUEST, 0, 1, 0, "disable dev request"}, {VBNV_CLEAR_TPM_OWNER_REQUEST, 0, 1, 0, "clear tpm owner request"}, {VBNV_CLEAR_TPM_OWNER_DONE, 0, 1, 0, "clear tpm owner done"}, |